Some network security applications function to detect malicious applications stored on network devices before the malicious applications can be executed or otherwise employed in damaging the network or network devices. Examples of malicious applications include applications that contain viruses or malware. While early malicious applications included only a single file, recent malicious applications, also known as malicious software packages, increasingly include multiple files. Further, recent malicious applications are increasingly released periodically as newer versions, with each version of the malicious application also including multiple files.
One problem with a malicious application including multiple files and multiple versions is the difficulty involved in identifying which files stored on a network device belong to the malicious application. Unless a network security application is able to identify all files belonging to a malicious application, it may be difficult for the network security application to fully protect a network device on which the malicious application is installed, which leaves the network device vulnerable to the malicious application.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one example technology area where some embodiments described herein may be practiced.